I don't know whether you're talking about a real thing or not. DKIM is a digital signature of a message, and obviously broadly deployed, but there are no Certificate Authorities involved. Keys are self generated and depend on DNS ownership, no more.
S/MIME offers more traditional digital signatures using CA signed certificates. I would not call that widely deployed, I certainly have never seen it from any marketing/transactional mail, maybe once or twice from a medical insurance company. Support in mail clients is fairly widely deployed, possibly more so than DKIM. Widespread use, especially to consumers, would depend on some amazing complications for key generation, especially if you correctly rotate keys... how many hardware signing boxes do you need to handle a billion keys rotating yearly? Anyways, consumer level is not what we're talking about here anyways. And that CA signature is as meaningful as it is in HTTPS, which is to say not very much... but related to that was the attempt at extended validation certificate signatures, and now you're getting closer to what BIMI is trying to do. Brandon On Thu, Jul 23, 2020 at 3:08 AM Jaroslaw Rafa via mailop <mailop@mailop.org> wrote: > All this BIMI thing seems to be only about increased pushing of big > companys' logos before people's eyes than to any fraud prevention. > > If it were about fraud prevention, then instead of inventing something > completely new, the companies could use solution that is standard, already > available and widely supported - that is, digital signing of a message. > > Many companies already do this for years. For example, I am always > receiving > emails from my bank, phone operator, ISP, electricity provider etc. > digitally signed. When I open such a message, my email client (two > different > ones, actually) prominently displays that the message is digitally signed > by > <insert name here> and the signature is valid/invalid. Thus it's simple to > verify that the email is really from them. (You have of course to trust the > CA issuing the signing certificate - exactly as in the case of BIMI, where > you have to trust the CA as well; so protection level is no less). > > But this can display only the company name, and not LOGO! So marketoids > don't like it, because they want company's logo pushed before people's eyes > as often as they could. It's sad that someone is pushing a solution that > adds no value to actual email communication on topics important and useful > for the recipient, but only to marketoids who want to send people more > useless marketing blah-blah junk. :( > -- > Regards, > Jaroslaw Rafa > r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
